Cybercriminals Leak Millions of Records in “Free Leakmas” Campaign During the Holiday Season

The holiday season is usually a time of joy and celebration, but for cybercriminals, it presented an opportunity to carry out their nefarious activities. In the days leading up to Christmas, a staggering 50 million records containing sensitive personal information were leaked by these threat actors. These leaks, primarily found on the Dark Web, were labeled “Free Leaksmas,” indicating that the criminals were sharing their data as a gesture of mutual gratitude among their ilk.

“Free Leaksmas” campaign on the Dark Web

The Dark Web served as the platform for cybercriminals to exchange and share compromised data during the holiday season. The “Free Leaksmas” campaign demonstrated a peculiar form of camaraderie among these threat actors. It is believed that by sharing their stolen data, they were expressing gratitude towards one another and establishing an environment of trust within their criminal network. As part of the campaign, underground shops offering compromised accounts on online banking and ecommerce platforms even provided substantial discounts, with markdowns reaching up to 40%.

Data dumps from various breaches

Several major data breaches contributed to the “Free Leaksmas” campaign, resulting in significant record leaks. One of the most prominent dumps came from a breach at Peruvian telecom provider Movistar, where a staggering 22 million records containing customer phone numbers and identification numbers were compromised. This breach is concerning as it exposes a vast amount of personal information that could potentially be exploited for various malicious purposes.

In addition to the Movistar breach, other notable Leaksmas datasets emerged from breaches at a Vietnamese fashion retailer and a French company. Both of these breaches yielded millions of records, further fueling concerns about the extent of personal data available to cybercriminals.

Revisiting older incidents

Interestingly, some of the leaked data appeared to originate from older incidents that had resurfaced. One such incident was the rumored breach of the Swedish fintech company Klarna in 2022. It is clear that cybercriminals are not only focused on recent breaches but also revisiting past incidents to exploit any remaining vulnerabilities and retrieve valuable data.

Notable threat actors involved

Several known threat actor groups have been identified as participating in the “Free Leaksmas” campaign. One such group is SeigedSec, a pro-Iranian entity that has previously targeted critical infrastructure and industrial control systems environments in Israel. Their involvement in sharing compromised data during the holiday break raises concerns over potential future attacks on critical systems.

Another group involved in the Leaksmas campaign is the hacktivist alliance known as the “Five Families.” This group claimed responsibility for stealing records from a large Chinese clothing store due to its alleged abusive labor practices and government connections. The motivations behind their actions highlight the intersection between cybercrime and activism.

Discounts and Focus on Stolen Credit Card Data

As digital identity remains a primary focus for cybercriminals, those selling stolen credit card data and related services offer attractive discounts to entice new buyers. Cybercriminals recognize the lucrative nature of stolen credit card information and the potential for financial gain. By offering discounts, they seek to expand their customer base and increase the demand for stolen data.

The “Free Leaksmas” campaign conducted by cybercriminals during the holiday season resulted in a massive influx of leaked personal data. The collaboration and data sharing observed among these threat actors signifies the existence of a robust criminal network. With notable threat actors and the abundance of compromised accounts and credit card information, the importance of data security cannot be stressed enough. As we move forward, it is crucial for individuals and organizations to remain vigilant and implement robust cybersecurity measures to protect against such breaches and safeguard sensitive information.

Explore more

Why Should Leaders Invest in Employee Career Growth?

In today’s fast-paced business landscape, a staggering statistic reveals the stakes of neglecting employee development: turnover costs the median S&P 500 company $480 million annually due to talent loss, underscoring a critical challenge for leaders. This immense financial burden highlights the urgent need to retain skilled individuals and maintain a competitive edge through strategic initiatives. Employee career growth, often overlooked

Making Time for Questions to Boost Workplace Curiosity

Introduction to Fostering Inquiry at Work Imagine a bustling office where deadlines loom large, meetings are packed with agendas, and every minute counts—yet no one dares to ask a clarifying question for fear of derailing the schedule. This scenario is all too common in modern workplaces, where the pressure to perform often overshadows the need for curiosity. Fostering an environment

Embedded Finance: From SaaS Promise to SME Practice

Imagine a small business owner managing daily operations through a single software platform, seamlessly handling not just inventory or customer relations but also payments, loans, and business accounts without ever stepping into a bank. This is the transformative vision of embedded finance, a trend that integrates financial services directly into vertical Software-as-a-Service (SaaS) platforms, turning them into indispensable tools for

DevOps Tools: Gateways to Major Cyberattacks Exposed

In the rapidly evolving digital ecosystem, DevOps tools have emerged as indispensable assets for organizations aiming to streamline software development and IT operations with unmatched efficiency, making them critical to modern business success. Platforms like GitHub, Jira, and Confluence enable seamless collaboration, allowing teams to manage code, track projects, and document workflows at an accelerated pace. However, this very integration

Trend Analysis: Agentic DevOps in Digital Transformation

In an era where digital transformation remains a critical yet elusive goal for countless enterprises, the frustration of stalled progress is palpable— over 70% of initiatives fail to meet expectations, costing billions annually in wasted resources and missed opportunities. This staggering reality underscores a persistent struggle to modernize IT infrastructure amid soaring costs and sluggish timelines. As companies grapple with